from google.oauth2 import service_account
credentials = service_account.Credentials.from_service_account_file(
'service-account.json')
print(credentials.__dict__)
That print statement prints credentials but in that token is printed as none and expiry is also printed as none.
JSON file
{
"type": "service_account"
"project_id": xxxxxxxxxx
"private_key_id": xxxxxxxxxx
"private_key": xxxxxxxxxx
"client_email": xxxxxxxxxx
"client_id": xxxxxxxxxx
"auth_uri": xxxxxxxxxx
"token_uri": xxxxxxxxxx
"auth_provider_x509_cert_url": xxxxxxxxxx
"client_x509_cert_url": xxxxxxxxxx
}
Please help me how to generate token for service account with expiry time.
Related
We are Using Apache Nifi to Publish events to PubsubLite using (PublishGCPubSubLite 1.17.0) Nifi processor.
GCP SA json files contains below field:
{
"type": "service_account",
"project_id": "",
"private_key_id": "",
"private_key": "",
"client_email": "",
"client_id": "",
"auth_uri": "",
"token_uri": "",
"auth_provider_x509_cert_url": "",
"client_x509_cert_url": ""
}
We tried using type:"service_account" and it is getting failed to communicate. and we are getting the below error,
PublishGCPubSubLite[id=7f9baf80-0184-1000-ffff-ffff8ec321b3] Failed to create Google Cloud PubsubLite Publisher: com.google.api.gax.rpc.UnauthenticatedException: io.grpc.StatusRuntimeException: UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
Caused by: io.grpc.StatusRuntimeException: UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
From Nifi server we tested the connectivity and credential, it is working:
./google-cloud-sdk/bin/gcloud auth login --cred-file gcp.json
Authenticated with service account credentials for: [#.iam.gserviceaccount.com].
Your current project is [None]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
Please suggest how to make connection to PubsubLite on Apache Nifi
I am trying to simply authenticate to the Google Cloud Storage API using OAuth2.0 and C# with a JSON file from Google.
here is my OAuth JSON file:
{
"client_id": "ClientIdHere",
"project_id": "ProjectName",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "ClientSecretHere",
"redirect_uris": [ "https://localhost:44349//RedirectPage.aspx" ]
}
Here is the code that I am using, I borrowed it from this post
protected void DoTheThingsAgain()
{
try
{
string bucketName = "Daves-Bucket";
string sharedkeyFilePath = "C:\\inetpub\\wwwroot\\GoogleAPITest\\GoogleAPITest\\App_Data\\JSONFile.json";
GoogleCredential credential = null;
using (var jsonStream = new FileStream(sharedkeyFilePath, FileMode.Open,
FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(jsonStream);
}
}
catch (Exception ex)
{
throw ex;
}
}
Everything works fine until it hits this line:
**credential = GoogleCredential.FromStream(jsonStream);**
then it gives me the error: Error creating credential from JSON. Unrecognized credential type .
How do I specify the credential type for OAuth?
I have seen other solutions for this but not while using OAuth, only with ServiceAccounts.
That you in advance for any help you all can provide!
I would like to know how to register a new user using AWS Cognito Ruby SDK.
So far I have tried:
Input
AWS_KEY = "MY_AWS_KEY"
AWS_SECRET = "MY_AWS_SECRET"
client = Aws::CognitoIdentityProvider::Client.new(
access_key_id: AWS_KEY,
secret_access_key: AWS_SECRET,
region: 'us-east-1',
)
resp = client.sign_up({
client_id: "4d2c7274mc1bk4e9fr******", # required
username: "test#test.com", # required
password: "Password23sing", # required
user_attributes: [
{
name: "app", # required
value: "my app name",
},
],
validation_data: [
{
name: "username", # required
value: "true",
},
]
})
Output
Aws::CognitoIdentityProvider::Errors::NotAuthorizedException (Unable to verify secret hash for client 4d2c7274mc1bk4e9fr*****)
References
https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#sign_up-instance_method
If your app client is configured with a client secret, most of the client requests require you to include a 'secret hash' in the options parameters of the request. The Cognito docs describe the secret hash thusly:
The SecretHash value is a Base 64-encoded keyed-hash message
authentication code (HMAC) calculated using the secret key of a user
pool client and username plus the client ID in the message. The following pseudocode shows how this value is calculated.
Base64 ( HMAC_SHA256 ( "Client Secret Key", "Username" + "Client Id" ) )
The docs also make it clear via a glob of sample Java that you are expected to roll your own. After a bit of experimenting I was able to successfully complete a sign_up call with the following (my test pool was set up to require email and name attributes):
def secret_hash(client_secret, username, client_id)
Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', CLIENT_SECRET, username + CLIENT_ID))
end
client = Aws::CognitoIdentityProvider::Client.new(
access_key_id: AWS_KEY,
secret_access_key: AWS_SECRET,
region: REGION)
username = 'bob.scum#example.com'
resp = client.sign_up({
client_id: CLIENT_ID,
username: username,
password: 'Password23sing!',
secret_hash: secret_hash(CLIENT_SECRET, username, CLIENT_ID),
user_attributes: [{ name: 'email', value: username },
{ name: 'name', value: 'Bob' }],
validation_data: [{ name: 'username', value: 'true' },
{ name: 'email', value: 'true' }]
})
CLIENT_SECRET is the app client secret that can be found under General Settings > App Clients.
Result:
#<struct Aws::CognitoIdentityProvider::Types::SignUpResponse
user_confirmed=false,
code_delivery_details=nil,
user_sub="c87c2ac8-1480-4d15-a28d-6998d9260e73">
I am using Google Youtube Api to authenticate my application using service account
my Json looks like
{
"type": "service_account",
"project_id": "uityityiuy",
"private_key_id": "hjklhkkkkkkkkkkh",
"private_key": "sdfggfdsgsdf",
"client_email": "asdfas",
"client_id": "asdfasasd",
"auth_uri": "qrwqerweq",
"token_uri": "qrwerq",
"auth_provider_x509_cert_url": "eryter",
"client_x509_cert_url": "ertyertytter"
}
Authentication script
using Google.Apis.YouTube.v3;
UserCredential credential;
using (var stream = new FileStream(keyFilePath, FileMode.Open, FileAccess.Read))
{
credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
scopes,
"user",
CancellationToken.None,
new FileDataStore("somename"));
var youtubeService = new YouTubeService(new
BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "sosadfas"
});
return youtubeService;
}
I get
InvalidOperationException: At least one client secrets (Installed or
Web) should be set
Google.Apis.Auth.OAuth2.GoogleClientSecrets.get_Secrets() in
GoogleClientSecrets.cs, line 45
Any One With Ideas?
After going through google developer site they say
Service Accounts do not work with the YouTube API
I am converting a PHP application to access Google calendar to Go. I used this step by step to get started.
All went smoothly, but when I run quickstart.go, I get the following error:
Unable to parse client secret file to config: oauth2/google: missing
redirect URL in the client_credentials.json exit status 1
Content of the client_secret.json is:
{
"installed":{
"client_id":"***********content.com",
"project_id":"*******",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"
}
}
That client_secret.json file is located at the root of my GOPATH as instructed in the step by step
I already have aOAuth 2.0 client ID for my PHP app that works just fine in PHP. I just want to use that one in the a new Go application to access multiple user calendars, but when I download the json file attached to that ID, I am getting the error above. Maybe the quickstart.go is not meant for that usage.
Any hints?
When you create OAuth credentials at https://console.developers.google.com/apis/credentials the dialog initially prompts you to "Configure your OAuth client" and you can choose between "Web application", "Desktop app", etc.
The client.json obtained for the generated OAuth credentials may not contain a "Return URL", depending on the type chosen initially.
For example, for "Web application" the client.json does not have a redirect URL:
{
"web": {
"client_id": "x.apps.googleusercontent.com",
"project_id": "x",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "x"
}
}
While for a "Desktop app" it has:
{
"installed": {
"client_id": "x.apps.googleusercontent.com",
"project_id": "x",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "x",
"redirect_uris": [
"urn:ietf:wg:oauth:2.0:oob",
"http://localhost"
]
}
}
The Go oauth.google module always requires a return URI: https://github.com/golang/oauth2/blob/0f29369cfe4552d0e4bcddc57cc75f4d7e672a33/google/google.go#L61